I have a lambda connected to an API gateway; it's deployed using sls and works great. However, its datastore is an Aurora that is in the default VPC and is set to public. This is less than ideal, security-wise.
I have, in the past, set up Auroras in their own VPC on private subnets and had EC2s in that VPC access them easily. However, all of the material I have read about getting a lambda to use a VPC RDS states that the lambda itself should also reside in the VPC.
This concerns me because of the cold start issue. So, my questions are:
1. Is there a way for my 'no VPC' lambda to access an Aurora RDS that lives in its own VPC without putting the lambda into the VPC itself?
2. There has been talk for some time that AWS will be addressing the lambda VPC 'cold start' issue soon. Do we know when that is anticipated to happen? Will existing lambdas benefit from this change once it is instituted?
3. Is there some other method of securing a public RDS to restrict access to only my lambda (besides the obvious user/pass credentials)?
Thanks in advance
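For reference, here is what the "put the lambda in the VPC" pattern the question refers to looks like in a serverless.yml. This is an added example, not config from the original post: the service name, handler, VPC and subnet IDs are placeholders, and it assumes an Aurora MySQL cluster (port 3306; Aurora PostgreSQL would be 5432). The point of the two security groups is that the cluster's inbound rule references the function's security group rather than any CIDR, so only ENIs attached to that function can reach the database port.

```yaml
# serverless.yml (added example; IDs below are placeholders)
service: api-with-private-aurora

provider:
  name: aws
  runtime: nodejs18.x
  # Attaching the function to the VPC: the Framework creates ENIs in these
  # subnets and adds the ec2:*NetworkInterface permissions to the generated role.
  vpc:
    securityGroupIds:
      - Ref: LambdaSecurityGroup
    subnetIds:
      - subnet-0aaaaaaaaaaaaaaaa   # placeholder: private subnet, AZ a
      - subnet-0bbbbbbbbbbbbbbbb   # placeholder: private subnet, AZ b

functions:
  api:
    handler: handler.main          # placeholder handler
    events:
      - httpApi: '*'

resources:
  Resources:
    # Security group for the function's ENIs. No ingress is needed; the
    # default egress rule lets it open connections to the cluster.
    LambdaSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Lambda ENIs that may talk to Aurora
        VpcId: vpc-0ccccccccccccccccc   # placeholder: the Aurora VPC

    # Security group for the Aurora cluster. The only inbound rule is the
    # DB port from the Lambda security group, not from a CIDR range.
    AuroraSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Aurora ingress from the Lambda security group only
        VpcId: vpc-0ccccccccccccccccc   # placeholder: same VPC
        SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 3306              # Aurora MySQL; use 5432 for Aurora PostgreSQL
            ToPort: 3306
            SourceSecurityGroupId:
              Ref: LambdaSecurityGroup

    # Subnet group so the cluster lands in the private subnets; PubliclyAccessible
    # is left off (the default is false) so no public endpoint is created.
    AuroraSubnetGroup:
      Type: AWS::RDS::DBSubnetGroup
      Properties:
        DBSubnetGroupDescription: Private subnets for Aurora
        SubnetIds:
          - subnet-0aaaaaaaaaaaaaaaa
          - subnet-0bbbbbbbbbbbbbbbb

    AuroraCluster:
      Type: AWS::RDS::DBCluster
      Properties:
        Engine: aurora-mysql
        DBSubnetGroupName:
          Ref: AuroraSubnetGroup
        VpcSecurityGroupIds:
          - Ref: AuroraSecurityGroup
        MasterUsername: admin            # placeholder; keep real secrets out of the file
        MasterUserPassword: ${ssm:/placeholder/aurora/password}
```

Two caveats worth knowing before adopting this: a function placed on private subnets loses its default internet path, so if the handler also calls other AWS services it needs a NAT gateway or VPC endpoints for those; and the security-group reference only restricts network reachability, so database credentials (here read from SSM rather than written into the file) are still required and should be scoped to the least privilege the handler needs.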